[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RADEXT WG re-charter

To: "David B. Nelson" <d.b.nelson@comcast.net>, <radiusext@ops.ietf.org>
Subject: Re: RADEXT WG re-charter
From: "Bernard Aboba" <Bernard_Aboba@hotmail.com>
Date: Wed, 16 Apr 2008 17:25:57 -0700
In-reply-to: <BLU137-W48C2DDC500B37865CBBD9F93F50@phx.gbl> <AC1CFD94F59A264488DC2BEC3E890DE50598D1E3@xmb-sjc-225.amer.cisco.com> <BLU137-DS39DAA210AA10B0CDB138F93EC0@phx.gbl> <AC1CFD94F59A264488DC2BEC3E890DE505A01761@xmb-sjc-225.amer.cisco.com> <010001c89c27$8a6ff5f0$1f0a0a0a@xpsuperdvd2> <001801c89e36$38856cf0$33da787c@arubanetworks.com> <019e01c89e3e$87835030$1f0a0a0a@xpsuperdvd2> <001d01c89e4f$53bed740$33da787c@arubanetworks.com> <01b201c89e55$0cab70b0$1f0a0a0a@xpsuperdvd2> <AC1CFD94F59A264488DC2BEC3E890DE505A020F0@xmb-sjc-225.amer.cisco.com> <00a201c89fc0$aadb86f0$6401a8c0@NEWTON603>
References: <BLU137-W48C2DDC500B37865CBBD9F93F50@phx.gbl> <AC1CFD94F59A264488DC2BEC3E890DE50598D1E3@xmb-sjc-225.amer.cisco.com> <BLU137-DS39DAA210AA10B0CDB138F93EC0@phx.gbl> <AC1CFD94F59A264488DC2BEC3E890DE505A01761@xmb-sjc-225.amer.cisco.com> <010001c89c27$8a6ff5f0$1f0a0a0a@xpsuperdvd2> <001801c89e36$38856cf0$33da787c@arubanetworks.com> <019e01c89e3e$87835030$1f0a0a0a@xpsuperdvd2> <001d01c89e4f$53bed740$33da787c@arubanetworks.com> <01b201c89e55$0cab70b0$1f0a0a0a@xpsuperdvd2> <AC1CFD94F59A264488DC2BEC3E890DE505A020F0@xmb-sjc-225.amer.cisco.com> <00a201c89fc0$aadb86f0$6401a8c0@NEWTON603>

That's the part I still don't understand.  The only "consideration" I've
heard so far is that "NIST hasn't blessed it", which is political and not
technical.


At IETF 71, the technical discussion brought up the following points:

a. The integrity protection for keywrap is considerably *weaker* (e.g. 64bits)

than for standard MIC algorithms.

b. Encryption algorithms for keywrap cannot be securely used to do bulkencryption

of data, but algorithms that can do bulk encryption can securely be used to
encrypt keys.

c. Existing IETF standards (such as Diameter EAP, RFC 4702) use TLS toprotect keys.

There are no known security issues relating to this.

As far as the "politics" goes, at various points during this discussion,assertions

have been made with respect to NIST's position.   However, when

NIST was contacted to verify those assertions, they indicated that theassertionseither did not represent the official position of NIST, or that NIST had notyet

taken a position.

Given this, I would suggest that assertions made about NIST positions should

be ruled out of scope, unless they come directly from representatives ofNIST.


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- RE: RADEXT WG re-charter
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>

References:
- RADEXT WG re-charter
  - From: Bernard Aboba <bernard_aboba@hotmail.com>
- RE: RADEXT WG re-charter
  - From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
- Re: RADEXT WG re-charter
  - From: <Bernard_Aboba@hotmail.com>
- RE: RADEXT WG re-charter
  - From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
- RE: RADEXT WG re-charter
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>
- RE: RADEXT WG re-charter
  - From: "Glen Zorn" <glenzorn@comcast.net>
- RE: RADEXT WG re-charter
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>
- RE: RADEXT WG re-charter
  - From: "Glen Zorn" <glenzorn@comcast.net>
- RE: RADEXT WG re-charter
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>
- RE: RADEXT WG re-charter
  - From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
- RE: RADEXT WG re-charter
  - From: "David B. Nelson" <d.b.nelson@comcast.net>

Prev by Date: RE: RADEXT WG re-charter
Next by Date: RE: Meaning of "backward compatible" WAS RE: Consensus Call on RADEXT WG re-charter
Previous by thread: RE: RADEXT WG re-charter
Next by thread: RE: RADEXT WG re-charter
Index(es):
- Date
- Thread